Add request timeout to pagination #27
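# Dependency Review gate for pull requests.
# Checks the dependency changes between the PR base and head for known
# vulnerabilities and for licenses outside the approved list, and posts a
# summary comment on the PR when the check fails.
name: "Dependency Review"

on:
  pull_request:
    types:
      - opened
      - synchronize
      - labeled
      - unlabeled

# Least-privilege token: read the repository, write only PR comments
# (needed by comment-summary-in-pr below).
permissions:
  contents: read
  pull-requests: write

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions are referenced by a mutable version tag.
      # Pinning each `uses:` to a full commit SHA fixes the exact code that
      # runs with this job's token.
      - name: Checkout Repository
        uses: actions/checkout@v6
        with:
          # No later step runs git against the remote, so do not leave the
          # job token configured for git in a workspace that holds PR content.
          persist-credentials: false

      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          # Only pull_request is declared under `on:`, so the merge_group and
          # default-branch fallbacks below apply only if another trigger is
          # added later.
          base-ref: >
            ${{
            github.event_name == 'pull_request' && github.event.pull_request.base.sha ||
            github.event_name == 'merge_group' && github.event.merge_group.base_sha ||
            github.event.repository.default_branch
            }}
          head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
          # Wait up to 900 seconds for dependency snapshots before reporting.
          retry-on-snapshot-warnings: true
          retry-on-snapshot-warnings-timeout: 900
          vulnerability-check: true
          # Findings below "moderate" do not fail the check.
          fail-on-severity: moderate
          license-check: true
          # comma-separated SPDX identifiers
          # https://heathermeeker.com/the-license-list/
          # DO NOT ADD LICENSES WITHOUT APPROVAL FROM LEGAL/SECURITY
          allow-licenses: >-
            0BSD,
            AFL-2.1,
            Apache-2.0,
            BlueOak-1.0.0,
            BSD-2-Clause,
            BSD-3-Clause,
            CC-BY-3.0,
            CC-BY-4.0,
            CC0-1.0,
            CDLA-Permissive-2.0,
            EPL-2.0,
            HPND-Markus-Kuhn,
            ISC,
            LicenseRef-bad-mitapache-2.0,
            LicenseRef-scancode-dco-1.1,
            LicenseRef-scancode-generic-cla,
            LicenseRef-scancode-protobuf,
            LicenseRef-scancode-public-domain,
            LicenseRef-scancode-secret-labs-2011,
            LicenseRef-scancode-us-govt-public-domain,
            MIT,
            MIT-0,
            MIT-CMU,
            MPL-2.0,
            OFL-1.1,
            OpenSSL,
            PSF-2.0,
            Python-2.0,
            Python-2.0.1,
            Unicode-3.0,
            Unicode-DFS-2016,
            Unlicense,
            WTFPL,
            ZPL-2.1,
            Zlib
          # Packages excluded from the license check, with the reason for each.
          # Entries carry no version, so an exemption covers every release of
          # the package; remove an entry once its upstream fix has landed.
          # npm/@lancedb/lancedb*: Temporary addition due to upstream non-compliance with SPDX
          # (https://github.com/lancedb/lancedb/pull/2558)
          # npm/cookie-signature: Temporary addition due to ClearlyDefined error
          # (https://github.com/clearlydefined/curated-data/pull/29904)
          # pypi/charset-normalizer: Temporary addition due to ClearlyDefined error
          # (https://github.com/clearlydefined/curated-data/pull/29974)
          # npm/{@pgsql/*,pg*}: Temporary addition due to upstream non-compliance with SPDX
          # (https://github.com/launchql/pgsql-parser/pull/222)
          # npm/strfy-js: Temporary addition due to upstream non-compliance with SPDX
          # (https://github.com/hyperweb-io/strfy-js/pull/2)
          # npm/nested-obj: Temporary addition due to upstream non-compliance with SPDX
          # (https://github.com/pyramation/nested-obj/pull/1)
          # maven/com.google.errorprone/error_prone_annotations: Temporary addition due to ClearlyDefined error
          # (https://github.com/clearlydefined/curated-data/pull/30203)
          # npm/canvas: Temporary addition due to ClearlyDefined error
          # (https://github.com/clearlydefined/curated-data/pull/32066)
          # npm/bignumber.js: ClearlyDefined error showing inaccurate license
          # pypi/chardet: LGPL-2.1-or-later -- only approving as a one-off
          # npm/@img/sharp*: LGPL-3.0-or-later -- only approving as a one-off; for local dev using claude code
          # pypi/aiohappyeyeballs: License detection is wrong (incorrectly detecting unknown license)
          # pypi/psycopg2: LGPL-2.0-or-later AND LGPL-3.0-or-later -- only approving as a one-off
          # pypi/shapely: LGPL-2.1-only -- only approving as a one-off
          # pypi/typing-extensions: License detection is wrong (not GPL)
          # pypi/astroid: LGPL-2.1-only -- only approving as a one-off
          # pypi/pylint: CC-BY-SA-4.0 AND GPL-2.0-only -- only approving as a one-off
          # pypi/pyzmq: LGPL-3.0-only AND LicenseRef-github-NOASSERTION -- only approving as a one-off
          # npm/glob: CC-BY-SA-4.0 -- A one-off bypass since we're not shipping code with it
          # npm/@cspell/dict-en-common-misspellings: LicenseRef-bad-cc-by-sa-4.0 -- Not shipping in code
          # NOTE(review): npm/@ag-grid-enterprise/master-detail is exempted below
          # but has no justification recorded in this list -- add one or drop it.
          allow-dependencies-licenses: >-
            pkg:npm/@lancedb/lancedb,
            pkg:npm/@lancedb/lancedb-darwin-arm64,
            pkg:npm/@lancedb/lancedb-darwin-x64,
            pkg:npm/@lancedb/lancedb-linux-arm64-gnu,
            pkg:npm/@lancedb/lancedb-linux-arm64-musl,
            pkg:npm/@lancedb/lancedb-linux-x64-gnu,
            pkg:npm/@lancedb/lancedb-linux-x64-musl,
            pkg:npm/@lancedb/lancedb-win32-arm64-msvc,
            pkg:npm/@lancedb/lancedb-win32-x64-msvc,
            pkg:npm/cookie-signature,
            pkg:npm/@ag-grid-enterprise/master-detail,
            pkg:npm/@pgsql/traverse,
            pkg:npm/@pgsql/types,
            pkg:npm/@pgsql/utils,
            pkg:npm/pgsql-parser,
            pkg:npm/pgsql-deparser,
            pkg:npm/pg-proto-parser,
            pkg:npm/strfy-js,
            pkg:npm/nested-obj,
            pkg:pypi/charset-normalizer,
            pkg:maven/com.google.errorprone/error_prone_annotations,
            pkg:npm/canvas,
            pkg:npm/bignumber.js,
            pkg:pypi/chardet,
            pkg:npm/@img/sharp-libvips-linuxmusl-arm64,
            pkg:npm/@img/sharp-libvips-linuxmusl-x64,
            pkg:pypi/aiohappyeyeballs,
            pkg:pypi/psycopg2,
            pkg:pypi/shapely,
            pkg:pypi/typing-extensions,
            pkg:pypi/astroid,
            pkg:pypi/pylint,
            pkg:pypi/pyzmq,
            pkg:npm/glob,
            pkg:npm/@cspell/dict-en-common-misspellings
          # Known vulnerabilities we're ok with ignoring.
          # These are generally because they are in an older python kernel
          # version that we aren't upgrading because it's EOL (and officially
          # unsupported by us).
          # An advisory listed here is no longer reported by this check, so
          # revisit the list whenever the affected kernel version is dropped.
          # filelock: https://github.com/advisories/GHSA-w853-jp5j-5j7f
          # filelock: https://github.com/advisories/GHSA-qmgc-5h2g-mvrw
          allow-ghsas: >-
            GHSA-w853-jp5j-5j7f,
            GHSA-qmgc-5h2g-mvrw
          comment-summary-in-pr: on-failure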